Snort mailing list archives
Re: multiple port variable fun
From: "Justin Heath" <justin.heath () gmail com>
Date: Wed, 25 Jul 2007 10:27:29 -0400
For now you will have to deal with separate definitions for multiple HTTP ports. However, port lists are planned for the 2.8 release which will resolve this issue.

Cheers,
Justin

On 7/24/07, Frank Knobbe <frank () knobbe us> wrote:
> On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote:
> > On 7/3/07, Ryan Hudson <ryan () mydingo net au> wrote:
> > > Do you mean put that in snort.conf? Because when I tried that it just thought you were reading the same rules files multiple times and failed as the same pid's were being used multiple times. And the http_ports variable was over-written 3 times.
> >
> > Yeap, the SIDs will cause problems. Barnyard and Oinkmaster wouldn't play nice either. One possible solution is to create separate rules files for each port. This looks ugly...
>
> Really? Never had a problem with that. Just created a small test file with a duplicate rule, but changed ports. Snort reads both rules without a complaint. What version of Snort are you using that causes that error? Or is the error caused by some third party app?
>
> Regards,
> Frank
>
> --
> It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
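The per-port workaround discussed in this thread (one copy of each rule per HTTP port, without reusing a SID), as an added example that is not code from any of the posters or from the Snort project. The sample rules are constructed, and the function names and the SID stride of 100000 per extra port are assumptions of this sketch.

```python
import re

# Constructed sample rules (not from the thread); $HTTP_PORTS is the variable under discussion.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
    '(msg:"EXAMPLE admin page access"; content:"/admin"; sid:1000001; rev:2;)',
    'alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 '
    '(msg:"EXAMPLE unrelated rule"; sid:1000002; rev:1;)',
]

SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
SID_STRIDE = 100000  # assumption: block of SIDs set aside for each extra port


def expand_rule(rule, var, ports, stride=SID_STRIDE):
    """Return one copy of `rule` per port, each copy with its own SID.

    A rule whose header does not reference `var` is returned unchanged.
    """
    token = '$' + var
    header, sep, options = rule.partition('(')
    if token not in header.split():
        return [rule]
    match = SID_RE.search(options)
    if match is None:
        raise ValueError('rule has no sid: ' + rule)
    base = int(match.group(1))
    out = []
    for i, port in enumerate(ports):
        if not 0 < port < 65536:
            raise ValueError('bad port %r' % port)
        hdr = ' '.join(str(port) if f == token else f for f in header.split())
        opts = SID_RE.sub('sid:%d;' % (base + i * stride), options, count=1)
        out.append(hdr + ' ' + sep + opts)
    return out


def expand_ruleset(rules, var, ports):
    """Expand every rule and refuse to emit a set with colliding SIDs."""
    expanded = [r for rule in rules for r in expand_rule(rule, var, ports)]
    sids = [SID_RE.search(r).group(1) for r in expanded]
    dupes = sorted({s for s in sids if sids.count(s) > 1})
    if dupes:
        raise ValueError('duplicate SIDs after expansion: ' + ', '.join(dupes))
    return expanded


if __name__ == '__main__':
    for line in expand_ruleset(SAMPLE_RULES, 'HTTP_PORTS', [80, 8080, 8000]):
        print(line)
```

The collision check matters because downstream tools key on the SID, so a stride that overlaps existing local SIDs is rejected rather than written out.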
Current thread:
- multiple port variable fun ryan (Jul 02)
- Message not available
- Re: multiple port variable fun Ryan Hudson (Jul 03)
- Re: multiple port variable fun Jeffrey Denton (Jul 04)
- Re: multiple port variable fun Frank Knobbe (Jul 24)
- Re: multiple port variable fun Justin Heath (Jul 25)
- Re: multiple port variable fun Ryan Hudson (Jul 03)
- Message not available